F5BigContextGlobal
The F5BigContextGlobal CR provides options that enable modifications to the default F5BigFwPolicy CR packet handling behavior. For the full list of CRs, refer to the BIG-IP Next for Kubernetes CRs.
CR Parameters
The table below describes the F5BigContextGlobal CR parameters.
| Parameter | Description |
|---|---|
| logProfile | Specifies the F5BigLogProfile CR using the metadata.name parameter. |
| firewall.enforcedPolicy | References and applies a F5BigFwPolicy globally. This applies prior to F5BigFwPolicy CRs that may be referenced by F5BigContextSecure CRs. |
| firewall.defaultAction | The default action to apply on traffic not matching any firewall rule in the Virtual Server context: accept (default), reject, or drop. |
| firewall.defaultActionLog | Whether an HSL message should be generated when applying the defaultAction. |
CR Example
apiVersion: k8s.f5net.com/v1
kind: F5BigContextGlobal
metadata:
  name: global-context
spec:
  firewall:
    defaultAction: "accept"
    defaultActionLog: false
CR updates
When BIG-IP Next for Kubernetes is installed to a namespace, a copy of the F5BigContextGlobal CR is applied to that namespace with default values. Because only a single CR of this type can exist in the namespace, you must use the same name, global-context, when modifying the F5BigContextGlobal CR.
- None of the installed BIG-IP Next for Kubernetes CRs reference a F5BigFwPolicy.
- A BIG-IP Next for Kubernetes CR references a F5BigFwPolicy, but packets do not match any of the rules.
Installation
Use the steps below to modify the default values of the F5BigContextGlobal CR.
View the currently installed F5BigContextGlobal CR:
In this example, the F5BigContextGlobal CR is installed in the spk-gateway namespace.
kubectl get f5-big-context-global -n gateway
In this example, the F5BigContextGlobal CR named global-context is installed.
NAME             STATUS    MESSAGE
global-context   SUCCESS   CR config sent to all grpc endpoints
View the configuration of the currently installed F5BigContextGlobal CR:
kubectl get f5-big-context-global -n gateway -o yaml | grep firewall: -A2
In this example, the F5BigContextGlobal CR is set to the default values.
firewall:
  defaultAction: accept
  defaultActionLog: false
Copy the example F5BigContextGlobal CR into a YAML file:
In this example, the F5BigContextGlobal CR changes the defaultAction to drop.
apiVersion: k8s.f5net.com/v1
kind: F5BigContextGlobal
metadata:
  name: global-context
  namespace: gateway
spec:
  firewall:
    defaultAction: "drop"
    defaultActionLog: false
Replace the F5BigContextGlobal CR:
Note: Validation will not allow the F5BigContextGlobal CR to be deleted.
kubectl replace -f spk-context-globals.yaml
View the updated configuration:
kubectl get f5-big-context-global -n gateway -o yaml | grep firewall: -A2
In this example, the defaultAction is now drop.
firewall:
  defaultAction: drop
  defaultActionLog: false
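The verification steps above can also be scripted. The shell function below is an added example, not part of the F5 documentation: it reads the kubectl get -o yaml output, finds the firewall block at any indentation, applies the documented accept default when defaultAction is unset, and reports findings. The function name, the finding labels, the sample input and the choice to flag an unlogged default are assumptions of this example.

```shell
# Added example (not F5 code). Reads the YAML printed by
#   kubectl get f5-big-context-global -n <namespace> -o yaml
# on stdin and audits spec.firewall. Exit status: 0 = clean, 1 = findings.
# Assumption of this example: default-accept and an unlogged default are findings.
audit_global_context() {
    awk -v q="'" '
    function indent(s) { match(s, /^[ -]*/); return RLENGTH }
    function value(s) {
        sub(/^[^:]*:[ \t]*/, "", s)            # drop the key
        sub(/[ \t]+#.*$/, "", s)               # drop a trailing comment
        sub(/[ \t\r]+$/, "", s)                # drop trailing whitespace
        gsub("^[\"" q "]|[\"" q "]$", "", s)   # drop surrounding quotes
        return s
    }
    /^[ \t]*$/ { next }
    /^[ -]*firewall:[ \t]*$/ { in_fw = 1; fw = indent($0); next }
    in_fw && indent($0) <= fw { in_fw = 0 }    # dedent: firewall block ended
    in_fw && /^ *defaultAction:/    { action = value($0) }
    in_fw && /^ *defaultActionLog:/ { logged = value($0) }
    END {
        if (action == "") action = "accept"    # documented default when unset
        if (action == "accept") {
            print "FINDING default-allow: unmatched traffic is accepted"; n++
        } else if (action != "reject" && action != "drop") {
            print "FINDING unknown defaultAction: " action; n++
        }
        if (logged != "true") {
            print "FINDING unlogged-default: no HSL message for defaultAction=" action; n++
        }
        print "SUMMARY defaultAction=" action " findings=" (n + 0)
        exit (n > 0)
    }'
}

# Constructed sample: the default install as a kubectl List (deeper indentation).
SAMPLE_INSTALLED='apiVersion: v1
kind: List
items:
- apiVersion: k8s.f5net.com/v1
  kind: F5BigContextGlobal
  metadata:
    name: global-context
    namespace: gateway
  spec:
    firewall:
      defaultAction: accept
      defaultActionLog: false'

printf '%s\n' "$SAMPLE_INSTALLED" | audit_global_context || echo "exit status: $?"
```

Against a live cluster, pipe the kubectl get command shown in the steps above into audit_global_context instead of the constructed sample.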